Prepare a PXE Server for NSX Edge

PXE is made up of several components: DHCP, HTTP, and TFTP. This procedure demonstrates how to set up a PXE server on Ubuntu.

DHCP dynamically distributes IP settings to NSX-T Data Center components, such as NSX Edge. In a PXE environment, the DHCP server allows NSX Edge to request and receive an IP address automatically.

TFTP is a file-transfer protocol. The TFTP server is always listening for PXE clients on the network. When it detects any network PXE client asking for PXE services, it provides the NSX-T Data Center component ISO file and the installation settings contained in a preseed file.

Prerequisites

A PXE server must be available in your deployment environment. The PXE server can be set up on any Linux distribution. The PXE server must have two interfaces, one for external communication and another for providing DHCP IP and TFTP services.
If you have multiple management networks, you can add static routes to the other networks from the NSX-T Data Center appliance.
Verify that the preseeded configuration file has the parameters net.ifnames=0 and biosdevname=0 set after -- to persist after reboot.

See NSX Edge network requirements in NSX Edge Installation Requirements.

Procedure

(Optional) Use a kickstart file to set up a new TFTP or DHCP services on an Ubuntu server.
A kickstart file is a text file that contains CLI commands that you run on the appliance after the first boot.
Name the kickstart file based on the PXE server it is pointing to. For example:
```
nsxcli.install
```
The file must be copied to your Web server, for example at /var/www/html/nsx-edge/nsxcli.install.
In the kickstart file, you can add CLI commands. For example, to configure the IP address of the management interface:
```
stop dataplane
set interface eth0 <ip-cidr-format> plane mgmt
start dataplane
```
To change the admin user password:
```
set user admin password <new_password> old-password <old-password>
```
If you specify a password in the preseed.cfg file, use the same password in the kickstart file. Otherwise, use the default password, which is "default".

To join the NSX Edge with the management plane:
```
join management-plane <manager-ip> thumbprint <manager-thumbprint> username <manager-username> password <manager password>
```

Create two interfaces, one for management and another for DHCP and TFTP services.

Make sure that the DHCP/TFTP interface is in the same subnet that the NSX Edge resides in.

For example, if the NSX Edge management interfaces are going to be in the 192.168.210.0/24 subnet, place eth1 in that same subnet.

# The loopback network interface
auto lo
iface lo inet loopback

# PXE server's management interface
auto eth0
iface eth0 inet static
  address 192.168.110.81
  gateway 192.168.110.1
  netmask 255.255.255.0
  dns-nameservers 192.168.110.10

# PXE server's DHCP/TFTP interface
auto eth1
iface eth1 inet static
  address 192.168.210.82
  gateway 192.168.210.1
  netmask 255.255.255.0
  dns-nameservers 192.168.110.10

Install DHCP server software.
```
sudo apt-get install isc-dhcp-server -y
```
Edit the /etc/default/isc-dhcp-server file, and add the interface that provides the DHCP service.
```
INTERFACES="eth1"
```
(Optional) If you want this DHCP server to be the official DHCP server for the local network, uncomment the authoritative; line in the /etc/dhcp/dhcpd.conf file.
```
...
authoritative;
...
```

In the /etc/dhcp/dhcpd.conf file, define the DHCP settings for the PXE network.

For example:

subnet 192.168.210.0 netmask 255.255.255.0 {
   range 192.168.210.90 192.168.210.95;
   option subnet-mask 255.255.255.0;
   option domain-name-servers 192.168.110.10;
   option routers 192.168.210.1;
   option broadcast-address 192.168.210.255;
   default-lease-time 600;
   max-lease-time 7200;
}

Start the DHCP service.
```
sudo service isc-dhcp-server start
```
Verify that the DHCP service is running.
```
service --status-all | grep dhcp
```
Install Apache, TFTP, and other components that are required for PXE booting.
```
sudo apt-get install apache2 tftpd-hpa inetutils-inetd
```

Verify that TFTP and Apache are running.

service --status-all | grep tftpd-hpa
service --status-all | grep apache2

Add the following lines to the /etc/default/tftpd-hpa file.
```
RUN_DAEMON="yes"
OPTIONS="-l -s /var/lib/tftpboot"
```

Add the following line to the /etc/inetd.conf file.

tftp    dgram   udp    wait    root    /usr/sbin/in.tftpd /usr/sbin/in.tftpd -s /var/lib/tftpboot

Restart the TFTP service.
```
sudo /etc/init.d/tftpd-hpa restart
```
Copy or download the NSX Edge installer ISO file to a temporary folder.

Mount the ISO file and copy the install components to the TFTP server and the Apache server.

sudo mount -o loop ~/nsx-edge.<build>.iso /mnt
cd /mnt
sudo cp -fr install/netboot/* /var/lib/tftpboot/
sudo mkdir /var/www/html/nsx-edge
sudo cp -fr /mnt/* /var/www/html/nsx-edge/

(Optional) Edit the /var/www/html/nsx-edge/preseed.cfg file to modify the encrypted passwords.
You can use a Linux tool such as mkpasswd to create a password hash.
```
sudo apt-get install whois
sudo mkpasswd -m sha-512

Password: 
$6$SUFGqs[...]FcoHLijOuFD
```
1. Modify the root password, edit /var/www/html/nsx-edge/preseed.cfg and search for the following line:
```
d-i passwd/root-password-crypted password $6$tgmLNLMp$9BuAHhN...
```
2. Replace the hash string.
  You do not need to escape any special character such as $, ', ", or \.
3. Add the usermod command to preseed.cfg to set the password for root, admin, or both.
  For example, search for the echo 'VMware NSX Edge' line and add the following command.
```
usermod --password '\$6\$VS3exId0aKmzW\$U3g0V7BF0DXlmRI.LR0v/VgloxVotEDp00bO2hUF8u/' root; \
usermod --password '\$6\$VS3exId0aKmzW\$U3g0V7BF0DXlmRI.LR0v/VgloxVotEDp00bO2hUF8u/' admin; \
```
  The hash string is an example. You must escape all special characters. The root password in the first usermod command replaces the password that is set in d-i passwd/root-password-crypted password $6$tgm....
  
  If you use the usermod command to set the password, the user is not prompted to change the password at the first login. Otherwise, the user must change the password at the first login.

Add the following lines to the /var/lib/tftpboot/pxelinux.cfg/default file.

Replace 192.168.210.82 with the IP address of your TFTP server.

label nsxedge
    kernel ubuntu-installer/amd64/linux
    ipappend 2
    append netcfg/dhcp_timeout=60 auto=true priority=critical vga=normal partman-lvm/device_remove_lvm=true netcfg/choose_interface=auto debian-installer/allow_unauthenticated=true preseed/url=http://192.168.210.82/nsx-edge/preseed.cfg mirror/country=manual mirror/http/hostname=192.168.210.82 nsx-kickstart/url=http://192.168.210.82/nsx-edge/nsxcli.install mirror/http/directory=/nsx-edge initrd=ubuntu-installer/amd64/initrd.gz mirror/suite=bionic netcfg/do_not_use_netplan=true --

Add the following lines to the /etc/dhcp/dhcpd.conf file.
Replace 192.168.210.82 with the IP address of your DHCP server.
```
allow booting;
allow bootp;

next-server 192.168.210.82; #Replace this IP address
filename "pxelinux.0";
```
Restart the DHCP service.
```
sudo service isc-dhcp-server restart
```
Note: If an error is returned, for example: "stop: Unknown instance: start: Job failed to start", run sudo /etc/init.d/isc-dhcp-server stop and then sudo /etc/init.d/isc-dhcp-server start. The sudo /etc/init.d/isc-dhcp-server start command returns information about the source of the error.

What to do next

Install NSX Edge on bare metal using an ISO file. See Install NSX Edge Automatically via ISO File.